Defense in Depth (DiD) is a term commonly used by the security industry to describe the strategy of implementing layers of security controls at various logical and physical teirs within an organization to reduce security risk.
This presentation will examine DiD from a researcher's perspective and challenge its effectiveness as a best practice. The presentation will include several case studies directly supporting our case, and contain original vulnerability research into products that are used to implement a DiD strategy.
Attack Research Val Smith has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on a variety of problems in the security community. He specializes in penetration testing (over 40,000 machines assessed), reverse engineering and malware research. He works on the Metasploit Project development team as well as other vulnerability development efforts. Most recently Valsmith founded Attack Research which is devoted to deep understanding of the mechanics of computer attack. Previously Valsmith founded Offensive Computing, a public, open source malware research project.